Basic Auth only on protected routes

[adamgall]

Closes #210

• Remove "basic auth" middleware from the root app, which is enabled if user has BTCEXP_BASIC_AUTH_PASSWORD set
• Beef up the app/auth.js middleware implementation to consolidate demo and you need to set a password to access this route behavior
• Use the auth middleware directly on the protected routes

[Kixunil]

Would it be possible to add SSO the same way Thunderhub and RTL do it? They allo authentication by adding a suffix (e.g. token=...) to the URL. (I don't care what the suffix looks like, even #... is fine)

[shesek]

I would like to have authentication for the entire btc-rpc-explorer instance, is this still possible with this PR?

[Kixunil]

@shesek that's already possible and I actually use it in my repository. It's basic HTTP auth which sucks if you want SSO, but better than nothing I suppose.

[shesek]

@Kixunil Yes, I know, I use this too (I was actually the one that sent the PR for this). Was just wondering if this PR removed that option or not.

[Kixunil]

Based on this comment I think it was kept.

[shesek]

Looking at the code, it seems like it was not.